Cybersecurity threats pose significant global risks, amplified by increased digital reliance, yet human error remains the most significant vulnerability, frequently stemming from insufficient employee risk awareness. Phishing attacks, which exploit human psychology, exemplify this, contributing to 95% of successful cyber-attacks by deceiving employees into revealing sensitive information. This study investigated the efficacy of a phased intervention strategy utilizing Trend Micro’s Phish Insight tool to enhance cybersecurity awareness among employees. Our methodology comprised two phases: Phase 1 involved foundational cybersecurity training for 3,600 employees through the “Security Essentials” module, establishing basic comprehension of phishing and cyber threats. Phase 2 subsequently introduced a simulated Business Email Compromise attack to assess employee resilience. Data from the 2,576 employees who completed training revealed that 73.9% (1,904 users) completely avoided interaction with the phishing emails, demonstrating high awareness. However, 23.5% (606 users) clicked the links but did not provide credentials, indicating partial threat recognition, and 2.6% (66 users) entered their credentials, signifying persistent vulnerabilities. These findings underscore the critical importance of effective training tools in mitigating human error and bolstering organizational security, while simultaneously highlighting the continuous necessity for awareness reinforcement and refined training approaches to address residual risks.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Raising Cybersecurity Awareness Among Departmental Employees: Implementation of Trend Micro’s Phish Insight Tool

  • Azhar Raza Firdousi,
  • Farhad Nadi,
  • Paridah Daud,
  • Noor Azma Ismail

摘要

Cybersecurity threats pose significant global risks, amplified by increased digital reliance, yet human error remains the most significant vulnerability, frequently stemming from insufficient employee risk awareness. Phishing attacks, which exploit human psychology, exemplify this, contributing to 95% of successful cyber-attacks by deceiving employees into revealing sensitive information. This study investigated the efficacy of a phased intervention strategy utilizing Trend Micro’s Phish Insight tool to enhance cybersecurity awareness among employees. Our methodology comprised two phases: Phase 1 involved foundational cybersecurity training for 3,600 employees through the “Security Essentials” module, establishing basic comprehension of phishing and cyber threats. Phase 2 subsequently introduced a simulated Business Email Compromise attack to assess employee resilience. Data from the 2,576 employees who completed training revealed that 73.9% (1,904 users) completely avoided interaction with the phishing emails, demonstrating high awareness. However, 23.5% (606 users) clicked the links but did not provide credentials, indicating partial threat recognition, and 2.6% (66 users) entered their credentials, signifying persistent vulnerabilities. These findings underscore the critical importance of effective training tools in mitigating human error and bolstering organizational security, while simultaneously highlighting the continuous necessity for awareness reinforcement and refined training approaches to address residual risks.